Settings master password does not encrypt session passwords from old storage

Advertisement

Baumi1990
Joined:
Posts:
1

Settings master password does not encrypt session passwords from old storage

Example:

WinSCP-User used Windows registry as storage before switching to INI file. After switching to use INI the user sets a master password. The passwords in the INI file are now encrypted with AES while passwords in the registry are not. So even though the user set a master password, thinking his passwords are safe, they are still easily decryptable from the registry.

While it is possible to encrypt the old storage by changing the configuration storage to Windows registry press OK and switch back to the new storage, setting a master password should automatically encrypt the old and new storage in my opinion.

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
38,408
Location:
Prague, Czechia

Re: Settings master password does not encrypt session passwords from old storage

Thanks for your opinion.

Well, I do not really agree. One might intentionally have multiple WinSCP configurations. And they should stay separated. Though I understand that the behaviour might be unexpected to some. So maybe some warning would be appropriate.

Reply with quote

Advertisement

You can post new topics in this forum